Memory from 1200000 up to the 27.5MB limit is filled with Hypercalls that trigger the JIT (each is a Co-pro 8 instruction that generates an Undefined Instruction Abort)

Undefined Instruction, Data Abort, Prefetch Abort and Branch Through Zero handlers are added to the relevant vectors. The SWI vector is already claimed by ADFFS, which is notified to pass any SWIs for OS 8 to the Hypervisor

Switch CPU to User mode

Jump to <address> + 1200000

This immediately triggers an Undefined Instruction and at this point the JIT kicks in:

LDR - LDRs that could potentially read from page zero (LDR Rd, [Rn, ... where Rn<>PC / LDR Rd, [PC{]}, Rm {,...} ) are executed up to and, provided the condition is true, the instruction is emulated once and the resulting address checked. If it's above &4000 the instruction is copied; any that read below &4000 remain as JIT entry instructions and are emulated

In effect, code that would normally run at 8000 is recoded to run at 1208000, but uses 8000 for all LDR, STR, LDM and STM instructions. What we end up with is all code at 1208000+ and all data at 8000+

Read-ahead

Once entered, the JIT will continue processing instructions until it reaches a limit of 128 instructions or encounters one of the instructions below; it will then exit and retry the initial instruction that triggered the JIT:

<ALU> PC, ...

B <address> that's conditional

BL <address> that's conditional

LDR PC, ...

LDM<mode> Rn, {..., PC}

SWI OS_Exit

SWI OS_ExitAndDie

SWI OS_GenerateError

Self-modifying code

Writes to pages already seen by the JIT trigger a Data Abort:

Data Abort handler is entered

The abort handler checks that the abort was an access abort and within Application Space; if not, it's passed to the existing Abort handler (i.e. RISC OS)

Word(s) at <Abort address + 1200000> are checked; if they're instructions previously seen by the JIT, they're changed to Hypercalls and the relevant cache flushes are performed

The instruction is emulated and the actual memory altered accordingly
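
The handler steps above as a small C model, added here as an illustration and not ADFFS code. It reads the page's addresses as hexadecimal and handles word stores only; the HYPERCALL encoding, the 16-word window and every function name are assumptions, and translated instructions are simply copied verbatim.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_OFFSET 0x1200000u  /* page: code for X is run from X + 1200000 */
#define APP_BASE      0x8000u     /* page: code that would normally run at 8000 */
#define APP_WORDS     16u         /* assumption: tiny window, enough for the model */
#define HYPERCALL     0xEE000800u /* assumption: placeholder co-pro 8 encoding */

enum abort_result { PASSED_ON, WRITE_ONLY, INVALIDATED };

static uint32_t data_mem[APP_WORDS]; /* real memory from APP_BASE */
static uint32_t shadow[APP_WORDS];   /* JIT output from APP_BASE + SHADOW_OFFSET */
static unsigned flushes;             /* stands in for the cache flushes */

static uint32_t *data_at(uint32_t a) { return &data_mem[(a - APP_BASE) / 4u]; }
static uint32_t *code_at(uint32_t a) { return &shadow[(a - SHADOW_OFFSET - APP_BASE) / 4u]; }

void model_reset(void) {             /* every shadow word starts as a hypercall */
    for (unsigned i = 0; i < APP_WORDS; i++) { data_mem[i] = 0; shadow[i] = HYPERCALL; }
    flushes = 0;
}

/* JIT entry: the hypercall is replaced by the instruction (copied verbatim here). */
void jit_translate(uint32_t addr) { *code_at(addr + SHADOW_OFFSET) = *data_at(addr); }

/* Data Abort path for a word store into memory the JIT has already seen. */
enum abort_result on_data_abort(uint32_t addr, uint32_t value, bool access_abort) {
    bool in_app = addr >= APP_BASE && addr < APP_BASE + 4u * APP_WORDS;
    if (!access_abort || !in_app)
        return PASSED_ON;                    /* left to the existing handler */
    enum abort_result r = WRITE_ONLY;
    uint32_t *insn = code_at(addr + SHADOW_OFFSET);
    if (*insn != HYPERCALL) {                /* stale translation of the old word */
        *insn = HYPERCALL;                   /* next execution re-enters the JIT */
        flushes++;
        r = INVALIDATED;
    }
    *data_at(addr) = value;                  /* emulate the store itself */
    return r;
}

int main(void) {
    model_reset();
    *data_at(0x8000u) = 0xE3A00001u;         /* constructed: MOV R0,#1 */
    jit_translate(0x8000u);
    printf("%d\n", on_data_abort(0x8000u, 0xE3A00002u, true));
    printf("%08X\n", (unsigned)*code_at(0x8000u + SHADOW_OFFSET));
    return 0;
}
```

Resetting the shadow word before the store is emulated means the stale translation can never be executed: the next fetch at that address takes the Undefined Instruction path and the new instruction is translated afresh.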

RMA support

1.5MB of RAM from 800000 to 980000 is set up as a Heap to mirror RMA functionality